Businesses should install a Microsoft security update to avoid being duped by exploited certificates that were used as part of the Flame malware attack against targeted Iranian computer networks.

The update fixes a vulnerability in Microsoft's Terminal Server Licensing Service that allowed signing of software with certificates as if it were code originating from Microsoft, the company said in a blog post.

The post, written by Mike Reavey, the senior director of Microsoft Trustworthy Computing, says an older cryptography algorithm proved exploitable and could be used to sign malicious code to certify that it came from Microsoft.

Terminal Services Licensing Service provided certificates that were permitted to sign code as if it came from Microsoft, the blog says. The certificates were intended to authorize Remote Desktop services securely.

The company issued a security advisory about how to correct the problem, and recommends that customers apply the update using update management software or Microsoft Update service.

An intermediate CA is a certificate authority that the connecting device does not trust directly, but that is itself trusted by a root CA the device does trust. Chains of intermediate CAs can lead back to a trusted root CA, and devices follow those chains to establish the authenticity of certificates.
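The chain-following step described above, together with the check a device should make before accepting code signed through an intermediate, as an added example using Go's standard crypto/x509 package (not code from the article or from Microsoft). Every name and key in it is constructed for the example. The article does not say which X.509 field allowed the licensing certificates to sign code; the example uses the extended key usage (EKU) extension, the standard way to limit what an intermediate CA's certificates may be used for, and shows that a path through an intermediate with no such constraint verifies for code signing, while a path whose intermediate is limited to server authentication is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a constructed root -> intermediate -> leaf path (hypothetical names).
type Chain struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// ServerAuthOnlyEKU is an intermediate constrained to TLS server authentication.
var ServerAuthOnlyEKU = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue signs tmpl with the parent's key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain issues a root CA, an intermediate CA carrying the given EKUs
// (nil = no EKU extension, i.e. unconstrained), and a leaf claiming code signing.
func BuildChain(intermediateEKUs []x509.ExtKeyUsage) (*Chain, error) {
	now := time.Now()
	notBefore, notAfter := now.Add(-time.Hour), now.Add(24*time.Hour)
	rootKey, intKey, leafKey := newKey(), newKey(), newKey()

	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root, err := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	if err != nil {
		return nil, err
	}
	intTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Example Licensing Intermediate CA"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, ExtKeyUsage: intermediateEKUs,
	}
	inter, err := issue(intTmpl, root, &intKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: "Example Code Signer"},
		NotBefore: notBefore, NotAfter: notAfter, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leaf, err := issue(leafTmpl, inter, &leafKey.PublicKey, intKey)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Intermediate: inter, Leaf: leaf}, nil
}

// VerifyForCodeSigning does what a device does with a signed binary: follow the
// chain back to a trusted root and require that every certificate on the path
// permits code signing. An intermediate whose EKU list excludes code signing
// makes the path fail with an incompatible key usage error.
func VerifyForCodeSigning(c *Chain) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(c.Root)
	inters.AddCert(c.Intermediate)
	_, err := c.Leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	})
	return err
}

func main() {
	for _, tc := range []struct {
		name string
		ekus []x509.ExtKeyUsage
	}{
		{"intermediate with no EKU constraint", nil},
		{"intermediate limited to server authentication", ServerAuthOnlyEKU},
	} {
		c, err := BuildChain(tc.ekus)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s: code-signing verification error = %v\n", tc.name, VerifyForCodeSigning(c))
	}
}
```

The unconstrained case is the one to watch for in an audit: an intermediate with no EKU extension is not "unable" to sign code, it is silently allowed to, so a CA issued for one purpose should always carry an EKU list naming that purpose.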

Weaknesses in this chain-of-trust system were exploited repeatedly last year against SSL certificates used by browsers to authenticate websites. This led to repeated calls for a new authentication system.

Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.